Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Version 1.77.0 breaks evaluation of custom functions #447

Closed
TYsewyn opened this issue Dec 24, 2024 · 3 comments
Closed

Version 1.77.0 breaks evaluation of custom functions #447

TYsewyn opened this issue Dec 24, 2024 · 3 comments
Assignees
@hsluoyz
Labels
bug

Comments

@TYsewyn
Copy link

TYsewyn commented Dec 24, 2024

Version 1.77.0 breaks runtime evaluation of custom functions with multiple arguments.

Assume following ABAC model:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub_rule, obj, act

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = eval(p.sub_rule) && r.obj == p.obj && r.act == p.act

When we register a custom function named hasNameAndAge and add a policy to the enforcer as follows, then the enforcer throws runtime exceptions. In this case Execute 'eval' function error, nested exception is: EOF while reading string at index: 20

@Test
public void testEvalCustomFunction() {
    Enforcer e = new Enforcer("examples/abac_rule_model.conf", "examples/abac_rule_policy.csv");
    HasNameAndAge customFunction = new HasNameAndAge();
    e.addFunction(customFunction.getName(), customFunction);

    List<String> rule = new ArrayList<>();
    rule.add("hasNameAndAge('alice,green', 18)");
    rule.add("data1");
    rule.add("read");
    e.addPolicy(rule);

    TestEvalRule aliceGreen = new TestEvalRule("alice,green", 18);
    testEnforce(e, aliceGreen, "data1", "read", true);
}

public static class HasNameAndAge extends CustomFunction  {

    @Override
    public String getName() {
        return "hasNameAndAge";
    }

    @Override
    public AviatorObject call(Map<String, Object> env, AviatorObject arg1, AviatorObject arg2) {
        String name = FunctionUtils.getStringValue(arg1, env);
        Number age = FunctionUtils.getNumberValue(arg2, env);
        TestEvalRule sub = (TestEvalRule) env.get("r_sub");
        return name.equals(sub.getName()) && age.intValue() == sub.getAge() ? AviatorBoolean.TRUE : AviatorBoolean.FALSE;
    }
}

Although this is a rather simple custom function and example, it demonstrates a major flaw in the change that was introduced with this commit, specifically the following snippet:

if (hasEval) {
    pvals = splitCommaDelimitedList(pvals);
}
@hsluoyz
Copy link
Member

hsluoyz commented Dec 24, 2024

@TYsewyn this bug is introduced in this PR: #443 by @tx2002

@TYsewyn can you make a PR to fix it?

@hsluoyz hsluoyz self-assigned this Dec 24, 2024
@hsluoyz hsluoyz added the bug label Dec 24, 2024
@TYsewyn TYsewyn mentioned this issue Dec 24, 2024
Closed
@TYsewyn
Copy link
Author

TYsewyn commented Dec 24, 2024

IMO the solution to this bug is to roll the previous change back and look at the adapter.
See #440 (comment)

@hsluoyz
Copy link
Member

hsluoyz commented Dec 25, 2024

@TYsewyn PR: #443 has been reverted by PR: #448

@hsluoyz hsluoyz closed this as completed Dec 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hsluoyz hsluoyz

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hsluoyz @TYsewyn